tpsingh26

Apache Secure

Aug 28th, 2021 (edited)
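  # Hardening of Apache with PHP on an EL7 host (yum, firewalld, SELinux).
  # The commands change system state and are written to be run as root.

  # Bring the base system up to date before adding anything.
  yum update -y
  yum install epel-release -y

  # Third-party repository that provides the php70w packages. The release RPM
  # is fetched over HTTPS: it installs the repository definition that every
  # later package install trusts, and a plain-HTTP download can be altered in
  # transit.
  rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

  # NOTE(review): php70w is PHP 7.0, which is past upstream end of life;
  # confirm the branch still receives security fixes before deploying it.
  yum install vim wget firewalld httpd mod_ssl php70w.x86_64 php70w-mcrypt policycoreutils-python -y

  # httpd is started here with the stock configuration; the hardening edits
  # further down only apply once the service is restarted.
  systemctl start httpd && systemctl enable httpd && systemctl status httpd
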
  # Start firewalld and enable it at boot, then admit only HTTP and HTTPS in
  # the public zone. The permanent rules become active at the reload; the
  # chain stops at the first command that fails.
  systemctl start firewalld \
    && systemctl enable firewalld \
    && firewall-cmd --zone=public --permanent --add-service=http \
    && firewall-cmd --zone=public --permanent --add-service=https \
    && firewall-cmd --reload

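  # Remove the packaged default content and the welcome page configuration.
  # NOTE(review): /usr/share/httpd is removed wholesale; confirm nothing else
  # on the host (error documents, the service account's home) depends on it.
  rm -Rf /usr/share/httpd
  rm -Rf /etc/httpd/conf.d/welcome.conf

  # Empty placeholder index. The original ran `touch index.php` with a relative
  # path, which lands in whatever directory the shell happens to be in; the
  # document root used by the rest of these notes is /var/www/html.
  touch /var/www/html/index.php

  # Make SELinux enforcing at boot. The pattern is anchored on the SELINUX= key
  # so that "permissive" is rewritten as well as "disabled" (the original
  # matched only "disabled"). The file is read at boot, so a reboot is needed,
  # and a host coming from "disabled" needs a filesystem relabel first.
  # `sudo` is dropped: every other command here already assumes root.
  sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config

  # Label the document root read-only for httpd (httpd_sys_content_t).
  # The original first registered httpd_sys_rw_content_t for the same pattern,
  # which lets the web server process write anywhere under the docroot; a
  # second `semanage fcontext -a` for an identical pattern is then rejected as
  # already defined, so the writable label was the one that stuck.
  # If the application needs a writable directory, label only that path, e.g.
  #   semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/<WRITABLE_SUBDIR>(/.*)?"
  semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"

  # Apply the labels (the original line was missing its closing quote).
  restorecon -R -v "/var/www/html"
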
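  # Keep the stock httpd.conf as a backup and rebuild a comment-free copy from
  # it. The sed filter drops blank lines and every line that contains a '#'.
  # The two steps are chained and the copy is written with '>' so the new file
  # can only ever hold one filtered copy of the backup.
  mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.back \
    && sed '/^#\|^$\| *#/d' /etc/httpd/conf/httpd.conf.back > /etc/httpd/conf/httpd.conf

  # NOTE(review): the original command at this point was
  #   sed -i 's/.*<Directory \/>.*/&\ni/' /etc/httpd/conf/httpd.conf
  # which inserts a line containing only "i" after <Directory />. That is not
  # an Apache directive and httpd will refuse to start on it; the replacement
  # text looks truncated. Left disabled until the intended directive is known.

  # Turn off directory listings, server-side includes, CGI execution and
  # symlink following for /var/www and for the document root.
  sed -i 's/.*<Directory "\/var\/www">.*/&\nOptions -Indexes -Includes -ExecCGI -FollowSymLinks/' /etc/httpd/conf/httpd.conf
  sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/s/Options Indexes FollowSymLinks/Options -Indexes -Includes -ExecCGI -FollowSymLinks/' /etc/httpd/conf/httpd.conf

  # Insert the global hardening directives just before the conf.d include:
  # minimal Server banner, no signature on error pages, no ETags, TRACE
  # disabled, no reverse DNS lookups, and three response headers.
  # NOTE(review):
  #  - The Header directives need mod_headers to be loaded.
  #  - `Header always append X-Frame-Options` can yield a combined value when
  #    the header is already present; `Header always set` is the safer form.
  #  - X-XSS-Protection is ignored by current browsers; a
  #    Content-Security-Policy header is the maintained control.
  #  - DEFLATE on HTTPS responses that mix secrets with request-influenced
  #    content has a known compression side channel (BREACH); scope it to
  #    static content where that matters.
  sed -i '/^IncludeOptional conf.d\/\*\.conf.*/i ServerName 127.0.0.1:80\nServerTokens Prod\nServerSignature Off\nFileETag None\nTraceEnable off\nHostnameLookups Off\nHeader always set X-Content-Type-Options nosniff\nHeader always set X-XSS-Protection "1; mode=block"\nHeader always append X-Frame-Options SAMEORIGIN\nAddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript' /etc/httpd/conf/httpd.conf
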
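  # Web Firewall
  # =========================
  # ModSecurity with the Core Rule Set, plus mod_evasive, from EPEL.
  yum --enablerepo=epel install mod_security mod_evasive mod_security_crs -y

  # Confirm both modules are loaded.
  httpd -M | grep evasive
  httpd -M | grep security

  # NOTE(review): confirm in the packaged ModSecurity configuration that
  # SecRuleEngine is On rather than DetectionOnly, otherwise rules only log.

  # Validate the configuration before restarting, so a broken edit is caught
  # while the running server is still up.
  httpd -t && systemctl restart httpd && systemctl status httpd -l

  # Manual step: edit the following lines at the end of
  # /etc/httpd/conf/httpd.conf. They are Apache directives, not shell commands,
  # so they are kept as comments here.
  #
  #   #ServerTokens Prod
  #   #ServerSignature Off
  #   ServerTokens Full
  #   SecServerSignature "testserver"
  #
  # SecServerSignature is the ModSecurity directive that replaces the Server
  # response header; it only takes effect with ServerTokens Full, which is why
  # the Prod/Off pair inserted earlier is commented out.
  # NOTE(review): with ServerTokens Full, the real version banner is exposed
  # whenever ModSecurity is not loaded; re-check the Server header after any
  # module change.
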
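  # PHP
  # ===============
  # NOTE(review): short_open_tag = On is a compatibility setting, not a
  # hardening one; keep it only if the application's code relies on `<?` tags.
  sed -i 's/short_open_tag = .*/short_open_tag = On/' /etc/php.ini

  # Do not advertise PHP in response headers.
  sed -i 's/expose_php = .*/expose_php = Off/' /etc/php.ini

  # Do not print errors (paths, queries, stack details) to the client.
  # NOTE(review): confirm log_errors is enabled so failures are still recorded
  # server-side.
  sed -i 's/display_errors = .*/display_errors = Off/' /etc/php.ini

  # Validate the Apache configuration, then restart so the php.ini changes load.
  httpd -t && systemctl restart httpd && systemctl status httpd -l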